
Add support for webroots on remote hosts

pull/385/head
whefter 8 years ago
committed by GitHub
parent
commit
eb6d6442cc
  1. 89
      acme.sh

89
acme.sh

@ -2015,7 +2015,7 @@ _clearupdns() {
done
}
# webroot removelevel tokenfile
# webroot removelevel tokenfile sshCmd
_clearupwebbroot() {
__webroot="$1"
if [ -z "$__webroot" ]; then
@ -2038,7 +2038,12 @@ _clearupwebbroot() {
if [ "$DEBUG" ]; then
_debug "Debugging, skip removing: $_rmpath"
else
rm -rf "$_rmpath"
_sshCmd="$4"
if [ ! "$_sshCmd" ]; then
rm -rf "$_rmpath"
else
ssh $_sshCmd "rm -rf \"$_rmpath\""
fi
fi
fi
@ -2678,26 +2683,76 @@ issue() {
_debug wellknown_path "$wellknown_path"
_debug "writing token:$token to $wellknown_path/$token"
_remoteRE='^(([^:]+)(:(.*?))?@)?([^:]+)(:([[:digit:]]+))?:(.*?)$'
_remotePath=$(echo "$wellknown_path/$token" | sed -rn "s/$_remoteRE/\0/p")
if [ ! "$_remotePath" ]; then
mkdir -p "$wellknown_path"
if ! printf "%s" "$keyauthorization" >"$wellknown_path/$token"; then
_err "$d:Can not write token to file : $wellknown_path/$token"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err
return 1
fi
mkdir -p "$wellknown_path"
if [ ! "$usingApache" ]; then
if webroot_owner=$(_stat "$_currentRoot"); then
_debug "Changing owner/group of .well-known to $webroot_owner"
chown -R "$webroot_owner" "$_currentRoot/.well-known"
else
_debug "not chaning owner/group of webroot"
fi
fi
else
_debug "Detected remote webroot"
_user=$(echo "$wellknown_path" | sed -rn "s/$_remoteRE/\2/p")
_pass=$(echo "$wellknown_path" | sed -rn "s/$_remoteRE/\4/p")
_host=$(echo "$wellknown_path" | sed -rn "s/$_remoteRE/\5/p")
_port=$(echo "$wellknown_path" | sed -rn "s/$_remoteRE/\7/p")
_path=$(echo "$wellknown_path" | sed -rn "s/$_remoteRE/\8/p")
_debug _user "$_user"
_debug _pass "$_pass"
_debug _host "$_host"
_debug _port "$_port"
_debug _path "$_path"
_sshCmd=""
if [ "$_user" ]; then
_sshCmd="$_user"
fi
if [ "$_pass" ]; then
_sshCmd="$_sshCmd:$_pass@"
elif [ "$_user" ]; then
_sshCmd="$_sshCmd@"
fi
if ! printf "%s" "$keyauthorization" >"$wellknown_path/$token"; then
_err "$d:Can not write token to file : $wellknown_path/$token"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err
return 1
fi
_sshCmd="$_sshCmd$_host"
if [ ! "$usingApache" ]; then
if webroot_owner=$(_stat "$_currentRoot"); then
_debug "Changing owner/group of .well-known to $webroot_owner"
chown -R "$webroot_owner" "$_currentRoot/.well-known"
else
_debug "not chaning owner/group of webroot"
if [ "$_port" ]; then
_sshCmd="-p $_port $_sshCmd"
fi
fi
_sshCmd="-o ConnectTimeout=3 $_sshCmd"
_debug _sshCmd "$_sshCmd"
# No quotes!
ssh $_sshCmd "mkdir -p \"$_path\""
if ! ssh $_sshCmd "printf \"%s\" \"$keyauthorization\" >\"$_path/$token\""; then
_err "$d:Can not write token to remote file : $_path/$token"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" "$_sshCmd"
_clearup
_on_issue_err
return 1
fi
fi
fi
elif [ "$vtype" = "$VTYPE_TLS" ]; then
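Review bot: The remote branch builds remote shell commands by interpolating `$_path`, `$token` and `$keyauthorization` inside double quotes (`ssh $_sshCmd "mkdir -p \"$_path\""`, the `printf` write, and `rm -rf \"$_rmpath\"` in `_clearupwebbroot`), so a `"`, `$` or backtick in the configured webroot is evaluated by the remote shell. The path should be checked against a strict character set before use and the token body sent on stdin, e.g. `printf "%s" "$keyauthorization" | ssh $_sshCmd "cat >\"$_path/$token\""`. `_debug _pass "$_pass"` writes the password to the debug log and should be dropped or changed to `_debug _pass "[hidden]"`; OpenSSH also does not accept `user:pass@host` as a destination, so the `_pass` branch likely cannot work as written. Because `$_sshCmd` is expanded unquoted on purpose, `_user`, `_host` and `_port` values that contain whitespace or begin with `-` would be parsed as additional ssh options and should be rejected before the command is assembled. The failure path passes `$_currentRoot` to `_clearupwebbroot`; if that still holds the `user@host:path` form, the remote `rm -rf` would target the wrong path, but the `_rmpath` computation is outside the visible hunks, so this needs checking.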
